Adobe also released patches, and an update for Acrobat and Reader on Windows fixes at least one bug that is being exploited in the wild.
A number of patches were also issued for the Adobe Illustrator product and all are rated critical.
Of the vulnerability currently being exploited, Dustin Childs of the Zero Day Initiative said: "The bug (CVE-2021-28550) is one of three use after free bugs addressed by this patch. These and other vulnerabilities could lead to code execution if someone were to open a specially crafted PDF with an affected version of Acrobat or Reader."
Microsoft issued a number of patches for its Microsoft Exchange Server mail transport agent, following the rash of patches for the same product issued over March and April.
There were two patches each for Exchange Server 2016 and 2019, and a single patch for the 2013 version, with all rated moderate.
Childs rated the following vulnerabilities as the ones to be patched right away, with the first two being classified as critical:
CVE-2021-31166 – HTTP Protocol Stack Remote Code Execution Vulnerability, a bug that is wormable.
CVE-2021-28476 – Hyper-V Remote Code Execution Vulnerability which could be used for a DoS attack.
CVE-2021-27068 – Visual Studio Remote Code Execution Vulnerability, which could allow code execution.
CVE-2020-24587 – Windows Wireless Networking Information Disclosure Vulnerability
Of the Exchange patches, Childs said some were related to bugs disclosed during the recent Pwn2Own hacking contest.
"Two of the patches correct remote code execution bugs," he said. "While it appears these bugs result from Pwn2Own submissions, the exploits used during the contest did not require user interaction.
"The write-up from Microsoft does list user interaction in the CVSS score. However, they may be scoring just this piece of the exploit chain.
"There’s also a spoofing bug and a security feature bypass that were used at the contest as part of a multi-bug chain.
"More Exchange patches are expected as not everything disclosed at the contest has been addressed. We’re working with Microsoft to get further clarification."